On January 23rd, the first GDPR Salon took place in Brussels, offering an insight into some major developments of GDPR technology in Belgium. The two hundred attendees and representatives from the public authorities and the partners of the organization were all enthusiastic about the setup and activities of the GDPR Salon, which calls for some additional events of interest, including a GDPR Salon 2019. The opening keynotes from both State Secretary on Privacy Philippe De Backer and Willem Debeuckelaere, president of the privacy commission in Belgium, confirmed the additional activities requested from the Belgian DPA, extending its responsibilities and increasing its budget.
If you missed it, presentation materials are now available for download from the GDPR Salon event page, or look for 2018-01-23 in our calendar.
On January 18th, the annual LSEC Cyber Threat Intelligence seminar took place in Brussels, already for the fifth time. Focusing on the domains of situational awareness, threat detection and how to respond to it, Cyber Threat Intelligence includes the mechanism of collecting and dealing with cybersecurity threat information. Some of this information needs to be acted upon. The seminar featured a keynote by the CEO of G DATA Advisory and Advanced Malware Analysis team, followed by some experience from within Airbus Cyber Security on how to treat Cyber Threat Intelligence within the organization. Wim Hafkamp, CISO of Rabobank, was challenged by 100kms of wind in the back but came and presented his view on the challenges of the financial services market, with key components related to regulations, software engineering and dealing with cyber threat intelligence. Further contributions came from IBM and ATAR Labs, a very promising startup from Turkey capable of automating many tedious presidential tasks, followed by an interesting perspective on Europe's biggest sharing platform, MISP (Malware Information Sharing Platform).
If you missed it, presentation materials are now available for download from the Cyber Threat Intelligence CTI-registration page, or look for 2018-01-27.
On November 30th, LSEC organized its 8th GDPR activity in 2017, this time on Experiences Sharing in GDPR transformation, covering topics such as developments and state of play with guidelines, accountability, PIAs and DPIAs, Consent Management, Data Leakage Prevention technologies, compliance management, company-wide data loss protection and overall privacy management. There were interesting debates with operational data protection coordinators and DPOs, and with participants from DPO offices managing the current challenges in the ongoing GDPR transformation.
The majority of the participants have already been studying GDPR and its impact, but continue to struggle with the implementation. Guidance from the experts Nicholas Delcroix, Hans Graux and Laurie-Ann Bourdain, experiences from the iWelcome team, privacy by design by Tommy Vandepitte, using SDLC for GDPR development by Toreon, practical experiences on the use of DLP technologies from Symantec, Data Protection from IBM and finally a contribution from iGuards made it an informative and practical session for our attendees. For most of them, interpretation of the GDPR regulation continues to be a matter of challenge, debate and discussion. Best practices amongst attendees support some of the ongoing developments on GDPR transformation.
If you missed it, presentation materials are now available for download from the GDPR events page by looking for the November 30th event (or any of the other past sessions).
In view of the ongoing requirements to cope with General Data Protection, here is a list of pointers to technologies and capabilities that support management and control for GDPR.
- data discovery tools
- end point protection
- network protection
- data leakage prevention & detection
- monitoring and analysis
- Privacy Enhancing Technologies
Personal Privacy Tools:
http://www.eyewnder.com/views/download: a Chrome extension allowing an individual to control the Chrome browser
Based on studies and years of professional experience, we know that cyber criminals are constantly monitoring and successfully attacking companies. We know that this is due to the fact that those companies lack visibility and control on how they are perceived from the outside. By not having this dynamic view at hand, security & risk stakeholders are struggling to answer simple questions like:
Not knowing an answer to those questions leaves an organization in the dark and at high risk. Without awareness, your company can be attacked by cyber criminals, potentially undermining your critical business information infrastructure, resulting in financial losses and damage to your reputation. The cyber security solution called “Sweepatic” is able to address those important questions for you. At the same time, it helps your company to comply with the General Data Protection Regulation (GDPR), the EU legislation that stipulates companies are, among other things, liable for protecting used data, and assessing their security risks.
To understand the Sweepatic solution, it's important to understand the “Cyber Kill Chain” concept. It’s a phased model used in the military world that describes the different phases of a targeted cyber attack. The reconnaissance phase is the initial phase, prior to the attack. Cyber attackers use this phase to research, identify and select their targets. They obtain this view by using different advanced reconnaissance techniques.
The Sweepatic solution mimics the way the different threat actors are conducting these reconnaissance activities. We operate just like the criminals do in their preparation phase. By doing so, Sweepatic develops a view of the potential possibilities to breach your company.
Due to the way companies interact with each other via web services, and how employees and consumers communicate with and about the organization, a great amount of digital artifacts about the company is publicly available. As these are picked up by cyber adversaries in order to prepare their attack (e.g. spear phishing threat), Sweepatic customers can really benefit from the Sweepatic solution to become informed. It allows your company to take action in a proactive way.
The Sweepatic solution contains different layers: Sweep, Analyze, Evaluate, Report, Clean and Collaborate. The solution runs around the clock (24x7) by using real-time data exploration and highly technological reconnaissance techniques.
Our personal data crawler “sweeps” the publicly available information of internet domains and collects all kinds of different files and pictures on the internet to extract personal data. By extracting and analyzing those artifacts, Sweepatic is able to create insights about your information leakage. Sweepatic is also able to clean these data leaks, protecting your company from further unwanted information exposure. As the results are centralized, Sweepatic always keeps a pair of eyes on your digital footprint and alerts you when appropriate.
We also conduct targeted hunting engagements using, amongst others, Open Source intelligence (OSINT), and can generate benchmarks and research studies for your company to compare your digital footprint with business competitors, a particular industry, country or other combinations.
On May 5th, the European Parliament finally published the GDPR (General Data Protection Regulation), which will take effect on May 25th, 2018. With more than 70% of European companies not even aware of this regulation, let alone ready to comply with it, LSEC and its Members and Partners started a series of events and activities that will support the strategic definition, the implementation of activities and the exchange of expert advice that lead to compliance. During these events all different aspects will be investigated in depth. The major differentiator is that we will not only debate the legal implications, but will deep dive into implementation best practices, building on top of existing processes and procedures (such as ISO 27k, PCI/DSS, Basel II, ...) and using existing technologies (implementing the right rules on NGFW, NGIDS, SIEM, Data Leakage in End Protection, Encryption technologies, ...).
These seminars will be supported with various white papers, expert advisory and session minutes.
More information on the Data Protection Regulation, with links and documentation, can be found on the Data Protection Section of the LSEC website. Registration for the events can be found there as well.
Join us today in getting ready for the first major European Security regulation for enterprises.
The EU and U.S. have reached an agreement that would protect personal data used for law enforcement purposes, Reuters reports. However, though the text has been finalized, the European Commission has said it will not be signed until the U.S. passes legislation giving EU citizens the right to judicial redress in the U.S. Meanwhile, Europe's Advocate General is expected to issue a long-awaited legal opinion on Facebook's sharing of personal information with the National Security Agency under the agency's PRISM program. The opinion, which is non-binding but influences the 15 judges on the European Court of Justice, will likely affect the EU-U.S. Safe Harbor Agreement. The opinion's expected delivery date is now 23 September.